CVE-2019-0351
HIGHSAP NetWeaver UDDI Server 7.10-7.50 - Remote Code Execution
Title source: llmDescription
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2800779
Scores
CVSS v3
8.8
EPSS
0.0216
EPSS Percentile
84.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (6)
sap/netweaver
7.10
sap/netweaver
7.20
sap/netweaver
7.30
sap/netweaver
7.31
sap/netweaver
7.40
sap/netweaver
7.50
Published
Aug 14, 2019
Tracked Since
Feb 18, 2026